Source: lxml Version: 4.6.4-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi, The following vulnerability was published for lxml. CVE-2021-43818[0]: | lxml is a library for processing XML and HTML in the Python language. | Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain | crafted script content pass through, as well as script content in SVG | files embedded using data URIs. Users that employ the HTML cleaner in | a security relevant context should upgrade to lxml 4.6.5 to receive a | patch. There are no known workarounds available. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-43818 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43818 [1] https://github.com/lxml/lxml/security/advisories/GHSA-55x5-fj6c-h6m8 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
